Cloud computing faces a clear and present danger
Monday, August 19, 2013/
Trust and paranoia seem to walk hand-in-hand in business. Many organisations walk a fine line between trying to entice customers with a pleasant experience and protecting their assets.
Companies like Facebook, Google, and Apple have spent billions building their reputations around a particular style of customer experience, that is easy to understand and enjoy, and perhaps even indispensible to customers.
At their core, these interactions rely on the customer deliberately sharing some information to gain a better experience, and trusting that the organisation will keep that information safe.
Now consumers and businesses clearly have very different needs when it comes to technology services, and different legal responsibilities around the sharing of information. Many businesses have enthusiastically embraced consumer-style cloud services for their own customer interactions and their internal workflows and IT operations.
This major shift towards cloud services has happened almost entirely in parallel with the “war on terror”. While I am sure many Australians are almost immune to the political chatter surrounding the “war on terror”, the monotonous wartime rhetoric of politicians in both Australia and the US is quite deliberate, and serves a purpose.
In 1919, an American legal precedent was set in Schenck v United States, determining the basis for situations where the government could overrule constitutional rights, freedoms, and free speech.
“The question in every case is whether the words used are used in such circumstances and are of such a nature as to create a clear and present danger that they will bring about the substantive evils that the United States Congress has a right to prevent.”
“It is a question of proximity and degree. When a nation is at war, many things that might be said in time of peace are such a hindrance to its effort that their utterance will not be endured so long as men fight, and that no Court could regard them as protected by any constitutional right.”
The recent series of Snowden revelations published by the Guardian are just the latest confirmation of a long series of technology-based intrusions into the private affairs of individuals and businesses. These intrusions have been justified largely due to the clear and present danger invoked by the “war on terror”.
Snowden is certainly not the first whistleblower in this area, but he is the first to attract more than a few moments of attention amongst mainstream news journalists.
Company directors clearly need to comply with the legal environment their organisation operates within. When a government entity invokes powers to silence company directors about breaches of customer privacy and copying of intellectual property, directors are clearly placed in a truly precarious legal position.
Especially when those directors could be subject to legal proceedings instigated by a party that suffers a loss or damage as a result of data disclosure.
Google is perhaps the most obvious public example. In 2009 and 2010, Google sought worldwide attention announcing that they and several other US IT firms had been attacked by Chinese hackers. The impact of that public disclosure was very significant. It has recently been suggested by a Microsoft employee that those very same attacks were actually targeted at the technology mechanisms used by the NSA to directly access Google and Microsoft customer data.
It is worth remembering that the directors of a number of US-based telecommunications companies demanded and received retroactive immunity from prosecution for their participation in NSA surveillance programs. Given Snowden’s revelations of Australia’s deep and active participation in these US NSA surveillance programs, it will be interesting to see whether Australian company directors will ever be extended the same immunity to legal prosecution.